#1
I have a virus and it's disabling my sound system and blocking my internet connection. This is my HijackThis log:
```
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:30:01 PM, on 7/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Babylon\Babylon-Pro\Babylon.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre6\bin\jusched.exe
H:\tools.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.5.19.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll (file missing)
O2 - BHO: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_6_0_1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll (file missing)
O3 - Toolbar: myBabylon English Toolbar - {b2e293ee-fd7e-4c71-a714-5f4750d8d7b7} - C:\Program Files\myBabylon_English\tbmyB1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe " -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: VerbAce-Pro Startup Agent.lnk = C:\Program Files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.2.2.28.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 24 missing)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1227263750281
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1227966019296
O16 - DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} (Battlefield Heroes Updater) - https://play.battlefield-heroes.com/...r_4.0.15.0.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (MSN Games – Hearts) - http://zone.msn.com/bingame/zpagames...z.cab99160.cab
O16 - DPF: {A4110378-789B-455F-AE86-3A1BFC402853} (ZPA_SHVL Object) - http://zone.msn.com/bingame/zpagames...l.cab55579.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://cdn2.zone.msn.com/binFramewor....cab102118.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...nt/swflash.cab
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Google Software Updater (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PCProxy - Unknown owner - C:\WINDOWS\system32\PCProxy.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: SbPF.Launcher - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFLnch.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software, Inc. - C:\Program Files\Sunbelt Software\Personal Firewall\SbPFSvc.exe

--
End of file - 10467 bytes
```

And this is my ComboFix log:

```
ComboFix 09-07-14.08 - 123 07/15/2009 17:54.1.2 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.3.1256.966.1033.18.2046.1744 [GMT 3:00]
Running from: H:\toolb.exe
AV: Kaspersky Internet Security *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
FW: *disabled* {F61A549E-9C8A-4859-8BFE-2A4A018BBA4A}
FW: Kaspersky Internet Security *enabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\Installer\10115629.msp
c:\windows\Installer\10165bc.msp
c:\windows\Installer\10d50e87.msp
c:\windows\Installer\125f0c58.msp
c:\windows\Installer\1349512.msp
c:\windows\Installer\142218ca.msp
c:\windows\Installer\15329eb2.msp
c:\windows\Installer\1532a014.msp
c:\windows\Installer\1620cb8.msp
c:\windows\Installer\17856635.msp
c:\windows\Installer\194866c0.msp
c:\windows\Installer\1c161f.msp
c:\windows\Installer\1c4c0d8.msp
c:\windows\Installer\1cabac3c.msp
c:\windows\Installer\1ee9632.msp
c:\windows\Installer\21d20ec4.msp
c:\windows\Installer\22837a.msp
c:\windows\Installer\2283c1.msp
c:\windows\Installer\2541cac.msp
c:\windows\Installer\26f852a8.msp
c:\windows\Installer\2ad8146.msp
c:\windows\Installer\2ad8222.msp
c:\windows\Installer\2c1a812.msp
c:\windows\Installer\2c1e848b.msp
c:\windows\Installer\2e7e2.msp
c:\windows\Installer\2e9d9.msp
c:\windows\Installer\2ebeaeb.msp
c:\windows\Installer\3144f3c5.msp
c:\windows\Installer\32099.msp
c:\windows\Installer\3209a.msp
c:\windows\Installer\3209b.msp
c:\windows\Installer\3209c.msp
c:\windows\Installer\3209d.msp
c:\windows\Installer\3209e.msp
c:\windows\Installer\3b2e6.msp
c:\windows\Installer\3c804.msp
c:\windows\Installer\47a8780.msp
c:\windows\Installer\4939c76.msp
c:\windows\Installer\4af0efc.msp
c:\windows\Installer\506dad2.msp
c:\windows\Installer\519ea7b.msp
c:\windows\Installer\51c0a56.msp
c:\windows\Installer\51e5a22.msp
c:\windows\Installer\5c1cc8a.msp
c:\windows\Installer\65af160.msp
c:\windows\Installer\688553f.msp
c:\windows\Installer\6e6143.msp
c:\windows\Installer\6eb035d.msp
c:\windows\Installer\714bb05.msp
c:\windows\Installer\77a38e4.msp
c:\windows\Installer\7e804dd.msp
c:\windows\Installer\81257f2.msp
c:\windows\Installer\9ba1c33.msp
c:\windows\Installer\9d56aec.msp
c:\windows\Installer\a17e461.msi
c:\windows\Installer\a426193.msp
c:\windows\Installer\a44b72c.msp
c:\windows\Installer\ae80e3c.msp
c:\windows\Installer\b816397.msp
c:\windows\Installer\baeab15.msp
c:\windows\Installer\bb2c32.msp
c:\windows\Installer\c3afb.msp
c:\windows\Installer\c3b10db.msp
c:\windows\Installer\ca5f00c.msp
c:\windows\Installer\d38a23f.msp
c:\windows\Installer\efbbd09.msp
c:\windows\Installer\f639c1.msp
c:\windows\Installer\f68d88d.msp
c:\windows\system32\BReWErS.dll
.
((((((((((((((((((((((((( Files Created from 2009-06-15 to 2009-07-15 )))))))))))))))))))))))))))))))
.
2009-07-15 00:43 . 2009-07-15 00:43 -------- d-----w- c:\windows\system32\wbem\Repository
2009-07-15 00:36 . 2009-07-15 00:36 -------- d-sh--w- c:\documents and settings\123\PrivacIE
2009-07-14 20:48 . 2009-07-14 20:49 -------- d-----w- c:\windows\system32\NtmsData
2009-07-14 20:42 . 2009-07-14 20:42 -------- d-----w- c:\documents and settings\123\Local Settings\Application Data\Babylon
2009-07-14 20:42 . 2009-07-14 20:42 -------- d-----w- c:\documents and settings\123\Local Settings\Application Data\Ahead
2009-07-14 20:42 . 2009-07-15 15:05 -------- d-----w- c:\documents and settings\123\Application Data\Babylon
2009-07-14 20:42 . 2009-07-14 20:42 106864 ----a-w- c:\documents and settings\123\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-14 20:41 . 2008-11-30 00:04 -------- d-----w- c:\documents and settings\123\Local Settings\Application Data\Microsoft Help
2009-07-14 20:28 . 2008-06-21 01:54 65576 ----a-w- c:\windows\system32\drivers\SbFwIm.sys
2009-07-14 20:28 . 2008-07-16 06:57 269736 ----a-r- c:\windows\system32\drivers\SbFw.sys
2009-07-12 21:52 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-07-12 21:52 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-07-12 14:41 . 2009-07-12 14:41 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-10 11:21 . 2009-07-10 11:30 -------- d-----w- c:\program files\BearFlix
2009-07-10 10:27 . 2009-07-10 10:27 0 ----a-w- c:\windows\system32\cd.dat
2009-07-09 20:53 . 2009-07-14 17:38 -------- d-----w- c:\program files\Oberon Media
2009-07-09 20:53 . 2009-07-09 22:24 -------- d-----w- c:\program files\MSN Games
2009-07-02 16:18 . 2009-07-10 16:30 -------- d-----w- c:\program files\Ares
2009-07-01 17:44 . 2009-07-01 17:44 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-07-01 14:02 . 2009-07-01 14:02 20 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\bases\apu\ForDiff\apu0003.dat.com
2009-06-18 19:59 . 2009-06-18 19:59 -------- d-----w- c:\program files\ProxyShell
2009-06-17 11:52 . 2009-06-17 23:47 -------- dc----w- c:\documents and settings\All Users\Application Data\{1B787D8A-D08C-49D5-A4A1-312278CA1465}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-15 15:05 . 2008-11-01 18:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2009-07-15 15:05 . 2008-10-06 09:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-07-15 14:51 . 2009-01-13 11:12 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2009-07-15 02:17 . 2008-07-04 04:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-07-15 01:56 . 2008-10-06 09:02 9171488 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-07-15 01:56 . 2008-10-06 09:02 75876 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-07-15 01:56 . 2008-10-06 09:02 7432 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-07-15 01:56 . 2008-10-06 09:02 1245216 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-07-15 01:56 . 2008-11-13 08:45 1039664 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-07-14 23:03 . 2008-07-06 10:15 -------- d-----w- c:\program files\GameSpy Arcade
2009-07-14 20:13 . 2008-10-25 17:49 -------- d-----w- c:\program files\Sunbelt Software
2009-07-14 17:18 . 2008-11-22 15:21 -------- d-----w- c:\program files\Hotspot Shield
2009-07-09 22:24 . 2008-11-11 11:50 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-07-09 20:56 . 2008-07-03 23:35 -------- d-----w- c:\program files\BitComet
2009-07-01 17:18 . 2009-04-22 16:12 -------- d-----w- c:\documents and settings\All Users\Application Data\RealHideIP
2009-07-01 17:15 . 2009-07-01 17:14 375 ----a-w- c:\documents and settings\All Users\Application Data\Setting.dat
2009-06-29 15:35 . 2009-05-08 19:12 -------- d-----w- c:\program files\Cheat Engine
2009-06-19 14:22 . 2009-05-17 00:58 -------- d-----w- c:\program files\PopCap Games
2009-06-18 19:58 . 2009-04-22 16:02 -------- d-----w- c:\program files\Easy-Hide-IP
2009-06-17 23:52 . 2008-10-10 13:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-06-17 23:49 . 2008-10-10 13:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-05 22:26 . 2009-06-05 22:26 -------- d-----w- c:\program files\Ares Vista
2009-06-04 16:00 . 2009-06-04 16:00 59992 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.459\English\setup.exe
2009-06-02 09:54 . 2008-07-03 14:52 -------- d-----w- c:\program files\Golden Al-Wafi Translator
2009-06-01 18:13 . 2009-06-01 18:13 33840 ------w- c:\windows\system32\drivers\HssDrv.sys
2009-05-27 19:38 . 2009-05-27 19:38 0 ----a-w- c:\windows\popcreg.dat
2009-05-27 12:46 . 2008-01-29 15:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-05-27 12:46 . 2008-10-06 09:02 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-05-27 12:46 . 2008-10-06 09:02 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-05-27 12:46 . 2009-02-10 19:44 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-05-27 12:46 . 2009-02-10 19:44 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-05-25 19:33 . 2009-05-25 19:33 -------- d-----w- c:\program files\softendo.com
2009-05-25 11:06 . 2009-05-25 11:06 -------- d-----w- c:\program files\asad teem
2009-05-25 10:57 . 2009-05-14 07:45 -------- d-----w- c:\program files\Zen Puzzle Garden
2009-05-25 10:57 . 2009-05-19 16:07 -------- d-----w- c:\program files\NotMyIP
2009-05-25 10:57 . 2009-05-25 10:56 -------- d-----w- c:\program files\MdenatAlSlamGame
2009-05-20 20:18 . 2009-05-17 01:00 25 ----a-w- c:\windows\popcinfot.dat
2009-05-17 16:03 . 2008-07-05 17:31 -------- d-----w- c:\program files\LimeWire
2009-05-17 00:59 . 2009-05-17 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap Games
2009-05-14 03:52 . 2009-05-14 03:52 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-05-14 03:52 . 2009-05-14 03:52 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-05-13 05:15 . 2002-12-31 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-07 15:32 . 2002-12-31 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-06 19:53 . 2009-05-06 19:53 8704 ----a-w- c:\windows\system32\SpOrder.dll
2009-05-06 05:40 . 2009-05-14 02:18 279629 ----a-w- c:\windows\esubmit.exe
2009-04-22 19:14 . 2009-04-17 11:53 20480 ----a-w- c:\windows\system32\H@tKeysH@@k.DLL
2009-04-21 21:20 . 2009-04-21 21:20 14311680 ----a-w- c:\windows\system32\xlive.dll
2009-04-21 21:20 . 2009-04-21 21:20 13642496 ----a-w- c:\windows\system32\xlivefnt.dll
2009-04-17 12:26 . 2002-12-31 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-06-15 19:26 . 2008-07-06 14:44 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]
2009-07-01 14:01 2094616 ----a-w- c:\program files\myBabylon_English\tbmyB1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}"= "c:\program files\myBabylon_English\tbmyB1.dll" [2009-07-01 2094616]

[HKEY_CLASSES_ROOT\clsid\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-12-23 143360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-17 13574144]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2007-03-14 71216]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-16 148888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-17 86016]
"Babylon Client"="c:\program files\Babylon\Babylon-Pro\Babylon.exe" [2008-12-07 3563232]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-11 34672]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-02-10 206088]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-10-09 17021440]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
VerbAce-Pro Startup Agent.lnk - c:\program files\VerbAce Research\VerbAce-Pro\VerbAce-Pro.exe [2009-4-21 606208]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-7-3 118784]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD\\PowerDVD.exe"=
"c:\\Program Files\\GameSpy Arcade\\Aphex.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\SPSSWinWrapIDE.exe"=
"c:\\Program Files\\SPSSInc\\Statistics17\\statistics.com"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"e:\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"e:\\Grand Theft Auto IV\\LaunchGTAIV.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"24084:TCP"= 24084:TCP:BitComet 24084 TCP
"24084:UDP"= 24084:UDP:BitComet 24084 UDP
"25048:TCP"= 25048:TCP:BitComet 25048 TCP
"25048:UDP"= 25048:UDP:BitComet 25048 UDP

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 6:29 PM 33808]
R1 SbFw;SbFw;c:\windows\system32\drivers\SbFw.sys [7/14/2009 11:28 PM 269736]
R1 sbhips;Sunbelt HIPS Driver;c:\windows\system32\drivers\sbhips.sys [6/21/2008 4:54 AM 66600]
R2 SbPF.Launcher;SbPF.Launcher;c:\program files\Sunbelt Software\Personal Firewall\SbPFLnch.exe [7/30/2008 10:36 AM 95528]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [3/13/2008 7:02 PM 26640]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
R3 SBFWIMCL;Sunbelt Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [7/14/2009 11:28 PM 65576]
S2 PCProxy;PCProxy;c:\windows\system32\PCProxy.exe [5/19/2009 7:07 PM 1364062]
S2 SPF4;Sunbelt Personal Firewall 4;c:\program files\Sunbelt Software\Personal Firewall\SbPFSvc.exe [7/30/2008 10:36 AM 1361192]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 16:20]

2009-07-14 c:\windows\Tasks\NSSstub.job
- c:\windows\system32\Adobe\Shockwave 11\nssstub.exe [2009-07-12 20:15]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/home
IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://play.battlefield-heroes.com/static/updater/BFHUpdater_4.0.15.0.cab
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-15 18:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{95808DC4-FA4A-4C74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):1b,30,a6,f0,8a,44,06,92,0d,47,76,45,32,7a,61,ef,47,6e,23,96,0a,
23,84,84,a5,48,4a,27,b5,65,cd,bb,0b,9d,a9,c8,c0,bf,35,3c,00,00,00,00,00,00,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{ff82309d-9b2f-41dd-8bb6-aa3be6e40350}]
@Denied: (Full) (Everyone)
"Model"=dword:00000159
"Therad"=dword:00000015
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,85,b1,12,f9,90,dd,23,a1,49,8c,bf,1a,9d,fe,41,71,cb,3f,46,a4,7c,ab,\

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\WPAEvents]
@Denied: (Full) (LocalSystem)
"OOBETimer"=hex:ff,d5,71,d6,8b,6a,8d,6f,d5,33,93,fd
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2968)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2009-07-15 18:09 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-15 15:09

Pre-Run: 3,254,423,552 bytes free
Post-Run: 3,215,646,720 bytes free

305 --- E O F --- 2009-07-14 20:19
```
#2
Welcome to CJ.
Let's try to get your Internet connection back.

Reset WINSOCK entries
Reset TCP/IP stack

Go Start > Run (Start search in Vista) then type in: cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).
At the Command Prompt, type in:
netsh winsock reset catalog
On the keyboard press Enter.
Do that again and type in:
netsh int ip reset reset.log
Press Enter.
Restart the computer.

Note: Resetting the Winsock using the netsh winsock reset catalog command in SP2 removes all the third-party LSPs and restores Winsock to the factory default setting. Existing programs that use their own LSPs need to be reinstalled. Example: Google Desktop Search.

----------

Go Start > Run (Start search in Vista) and type in: cmd
Click OK (in Vista, while holding CTRL and SHIFT, press Enter).
In the Command Prompt window type in the following commands, and press Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
Note the space before the forward slash /
Restart the computer.

Let me know if the connection is back now.
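A check worth running before the Winsock reset described above, as an added example that is not part of the original thread: a PowerShell script that saves the current Winsock catalog (the reset removes every third-party LSP, so this is the only record of what was installed) and flags providers whose DLL is missing from disk, the usual cause of the "O10 - Broken Internet access because of LSP chain gap" line in the HijackThis log. The function names and the sample catalog text are constructed for this example; the parsing assumes the "Label: value" layout printed by `netsh winsock show catalog`.

```powershell
# Added example, not from the original thread. Records the Winsock catalog and
# reports providers whose DLL no longer exists, before "netsh winsock reset
# catalog" wipes them. Assumes PowerShell on Windows and the "Label: value"
# layout of "netsh winsock show catalog" (labels used: Description,
# Provider Path, Catalog Entry ID, Protocol Chain Length).

function ConvertFrom-WinsockCatalog {
    param([string[]]$Lines)
    # Each provider is a block that starts with "Winsock Catalog Provider Entry"
    # followed by "Label:   value" lines; collect every block into a dictionary.
    $entries = New-Object System.Collections.Generic.List[object]
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Winsock Catalog Provider Entry') {
            if ($null -ne $current) { $entries.Add($current) }
            $current = [ordered]@{}
            continue
        }
        # Lazy label match: the first colon ends the label, so a drive letter
        # in the value ("C:\...") stays part of the value.
        if ($null -ne $current -and $line -match '^\s*([^:]+?):\s+(.*\S)\s*$') {
            $current[$Matches[1].Trim()] = $Matches[2]
        }
    }
    if ($null -ne $current) { $entries.Add($current) }
    return $entries
}

function Get-BrokenWinsockProviders {
    param($Entries)
    # A provider whose DLL is gone from disk cannot be loaded, yet Winsock still
    # walks the chain through it for every socket: all TCP/IP applications fail
    # while the adapter itself looks healthy, the symptom in the thread.
    foreach ($e in $Entries) {
        if (-not $e['Provider Path']) { continue }
        $path = [Environment]::ExpandEnvironmentVariables($e['Provider Path'])
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{
                CatalogEntryId = $e['Catalog Entry ID']
                Description    = $e['Description']
                ChainLength    = $e['Protocol Chain Length']
                ProviderPath   = $path
            }
        }
    }
}

# Constructed sample in the netsh layout: one built-in base provider and one
# made-up layered provider whose DLL does not exist on any machine.
$sampleCatalog = @'
Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Base Service Provider
Description:                        MSAFD Tcpip [TCP/IP]
Provider ID:                        {E70F1AA0-AB8B-11CF-8CA3-00805F48A192}
Provider Path:                      %SystemRoot%\system32\mswsock.dll
Catalog Entry ID:                   1001
Protocol Chain Length:              1

Winsock Catalog Provider Entry
------------------------------------------------------
Entry Type:                         Layered Service Provider
Description:                        Example LSP (constructed, not a real product)
Provider ID:                        {00000000-0000-0000-0000-000000000000}
Provider Path:                      C:\Program Files\ExampleLSP\example_lsp.dll
Catalog Entry ID:                   1024
Protocol Chain Length:              2
'@ -split "`r?`n"

# Use the live catalog when netsh is available, otherwise the constructed sample.
$catalog = if (Get-Command netsh -ErrorAction SilentlyContinue) {
    netsh winsock show catalog
} else {
    $sampleCatalog
}

# Keep a copy first: the reset is destructive and this is the only record.
$tmp = if ($env:TEMP) { $env:TEMP } else { [IO.Path]::GetTempPath() }
$backup = Join-Path $tmp 'winsock-catalog-before-reset.txt'
$catalog | Set-Content -LiteralPath $backup
Write-Host "Catalog saved to $backup"

$entries = ConvertFrom-WinsockCatalog $catalog
Write-Host ("{0} provider entries found" -f $entries.Count)
$broken = @(Get-BrokenWinsockProviders $entries)
if ($broken.Count -eq 0) {
    Write-Host 'Every provider DLL is present; no chain entry is broken by a missing file.'
} else {
    Write-Host 'Providers whose DLL is missing (the reset will remove these):'
    $broken | Format-Table -AutoSize
}
```

On the constructed sample the second entry (Catalog Entry ID 1024) is reported; on a live system, anything listed here is what the reset in the post above is about to clear.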